CVE-2012-5144

critical

Published 2012-12-12 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-5144

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0`
debian	bullseye	fixed	`0`
debian	forky	fixed	`0`
debian	sid	fixed	`0`
debian	trixie	fixed	`0`
suse	12.1	affected
suse	12.2	affected
ubuntu	11.10	affected
ubuntu	12.04	affected
ubuntu	12.10	affected

Application impact

Vendor	Product	Versions
libav	libav	`0.8`
libav	libav	`0.8.1`
libav	libav	`0.8.2`
libav	libav	`0.8.3`
libav	libav	`0.8.4`
google	chrome	`{"endIncluding":"23.0.1271.96"}`
google	chrome	`23.0.1271.0`
google	chrome	`23.0.1271.1`
google	chrome	`23.0.1271.2`
google	chrome	`23.0.1271.3`
google	chrome	`23.0.1271.4`
google	chrome	`23.0.1271.5`
google	chrome	`23.0.1271.6`
google	chrome	`23.0.1271.7`
google	chrome	`23.0.1271.8`
google	chrome	`23.0.1271.9`
google	chrome	`23.0.1271.10`
google	chrome	`23.0.1271.11`
google	chrome	`23.0.1271.12`
google	chrome	`23.0.1271.13`
google	chrome	`23.0.1271.14`
google	chrome	`23.0.1271.15`
google	chrome	`23.0.1271.16`
google	chrome	`23.0.1271.17`
google	chrome	`23.0.1271.18`
google	chrome	`23.0.1271.19`
google	chrome	`23.0.1271.20`
google	chrome	`23.0.1271.21`
google	chrome	`23.0.1271.22`
google	chrome	`23.0.1271.23`
google	chrome	`23.0.1271.24`
google	chrome	`23.0.1271.26`
google	chrome	`23.0.1271.30`
google	chrome	`23.0.1271.31`
google	chrome	`23.0.1271.32`
google	chrome	`23.0.1271.33`
google	chrome	`23.0.1271.35`
google	chrome	`23.0.1271.36`
google	chrome	`23.0.1271.37`
google	chrome	`23.0.1271.38`
google	chrome	`23.0.1271.39`
google	chrome	`23.0.1271.40`
google	chrome	`23.0.1271.41`
google	chrome	`23.0.1271.44`
google	chrome	`23.0.1271.45`
google	chrome	`23.0.1271.46`
google	chrome	`23.0.1271.49`
google	chrome	`23.0.1271.50`
google	chrome	`23.0.1271.51`
google	chrome	`23.0.1271.52`
google	chrome	`23.0.1271.53`
google	chrome	`23.0.1271.54`
google	chrome	`23.0.1271.55`
google	chrome	`23.0.1271.56`
google	chrome	`23.0.1271.57`
google	chrome	`23.0.1271.58`
google	chrome	`23.0.1271.59`
google	chrome	`23.0.1271.60`
google	chrome	`23.0.1271.61`
google	chrome	`23.0.1271.62`
google	chrome	`23.0.1271.64`
google	chrome	`23.0.1271.83`
google	chrome	`23.0.1271.84`
google	chrome	`23.0.1271.85`
google	chrome	`23.0.1271.86`
google	chrome	`23.0.1271.87`
google	chrome	`23.0.1271.88`
google	chrome	`23.0.1271.89`
google	chrome	`23.0.1271.91`
google	chrome	`23.0.1271.92`
google	chrome	`23.0.1271.93`
google	chrome	`23.0.1271.94`
google	chrome	`23.0.1271.95`
libav	libav	`0.7`
libav	libav	`0.7.1`
libav	libav	`0.7.2`
libav	libav	`0.7.3`
libav	libav	`0.7.4`
libav	libav	`0.7.5`
libav	libav	`0.7.6`

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.